| VID |
26010 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q269523) for the "Service Control Manager Named Pipe Impersonation" problem has not been applied. The Service Control Manager (SCM, services.exe) is an administrative tool provided in Windows 2000 that allows system services (Server, Workstation, Alerter, ClipBook, etc.) to be created or modified.
The SCM creates predictable named pipes, which allows a local user with console access to gain administrator privileges, a.k.a. the "Service Control Manager Named Pipe Impersonation" vulnerability.
(Named pipes, which allow bi-directional communication between multiple processes. The processes can reside on different machines.)
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Microsoft Windows 2000
* References:
http://www.iss.net/security_center/static/5031.php
http://www.microsoft.com/technet/security/bulletin/ms00-053.asp |
| Recommendation |
Apply the appropriate patch (Q269523) for your system, as listed in Microsoft Security Bulletin MS00-053. (http://www.microsoft.com/technet/security/bulletin/ms00-053.asp)
* Note: This patch will be included in the next Service Pack for Windows 2000 -- it can be applied to a computer with or without Service Pack 1. |
| Related URL |
CVE-2000-0737 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
